Vulnerabilites related to samsung - galaxy_s6_edge
cve-2015-7889
Vulnerability from cvelistv5
Published
2017-12-27 18:00
Modified
2024-08-06 08:06
Severity ?
EPSS score ?
Summary
The SecEmailComposer/EmailComposer application in the Samsung S6 Edge before the October 2015 MR uses weak permissions for the com.samsung.android.email.intent.action.QUICK_REPLY_BACKGROUND service action, which might allow remote attackers with knowledge of the local email address to obtain sensitive information via a crafted application that sends a crafted intent.
References
| ▼ | URL | Tags |
|---|---|---|
| http://www.securityfocus.com/bid/77339 | vdb-entry, x_refsource_BID | |
| http://packetstormsecurity.com/files/134105/Samsung-SecEmailComposer-QUICK_REPLY_BACKGROUND-Permission-Weakness.html | x_refsource_MISC | |
| https://www.exploit-db.com/exploits/38558/ | exploit, x_refsource_EXPLOIT-DB | |
| https://bugs.chromium.org/p/project-zero/issues/detail?id=490&redir=1 | x_refsource_CONFIRM |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T08:06:30.862Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "77339",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/77339"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://packetstormsecurity.com/files/134105/Samsung-SecEmailComposer-QUICK_REPLY_BACKGROUND-Permission-Weakness.html"
},
{
"name": "38558",
"tags": [
"exploit",
"x_refsource_EXPLOIT-DB",
"x_transferred"
],
"url": "https://www.exploit-db.com/exploits/38558/"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://bugs.chromium.org/p/project-zero/issues/detail?id=490\u0026redir=1"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2015-07-29T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "The SecEmailComposer/EmailComposer application in the Samsung S6 Edge before the October 2015 MR uses weak permissions for the com.samsung.android.email.intent.action.QUICK_REPLY_BACKGROUND service action, which might allow remote attackers with knowledge of the local email address to obtain sensitive information via a crafted application that sends a crafted intent."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-12-27T17:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "77339",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/77339"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://packetstormsecurity.com/files/134105/Samsung-SecEmailComposer-QUICK_REPLY_BACKGROUND-Permission-Weakness.html"
},
{
"name": "38558",
"tags": [
"exploit",
"x_refsource_EXPLOIT-DB"
],
"url": "https://www.exploit-db.com/exploits/38558/"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://bugs.chromium.org/p/project-zero/issues/detail?id=490\u0026redir=1"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2015-7889",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The SecEmailComposer/EmailComposer application in the Samsung S6 Edge before the October 2015 MR uses weak permissions for the com.samsung.android.email.intent.action.QUICK_REPLY_BACKGROUND service action, which might allow remote attackers with knowledge of the local email address to obtain sensitive information via a crafted application that sends a crafted intent."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "77339",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/77339"
},
{
"name": "http://packetstormsecurity.com/files/134105/Samsung-SecEmailComposer-QUICK_REPLY_BACKGROUND-Permission-Weakness.html",
"refsource": "MISC",
"url": "http://packetstormsecurity.com/files/134105/Samsung-SecEmailComposer-QUICK_REPLY_BACKGROUND-Permission-Weakness.html"
},
{
"name": "38558",
"refsource": "EXPLOIT-DB",
"url": "https://www.exploit-db.com/exploits/38558/"
},
{
"name": "https://bugs.chromium.org/p/project-zero/issues/detail?id=490\u0026redir=1",
"refsource": "CONFIRM",
"url": "https://bugs.chromium.org/p/project-zero/issues/detail?id=490\u0026redir=1"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2015-7889",
"datePublished": "2017-12-27T18:00:00",
"dateReserved": "2015-10-22T00:00:00",
"dateUpdated": "2024-08-06T08:06:30.862Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2019-12762
Vulnerability from cvelistv5
Published
2019-06-06 19:45
Modified
2024-08-04 23:32
Severity ?
EPSS score ?
Summary
Xiaomi Mi 5s Plus devices allow attackers to trigger touchscreen anomalies via a radio signal between 198 kHz and 203 kHz, as demonstrated by a transmitter and antenna hidden just beneath the surface of a coffee-shop table, aka Ghost Touch.
References
| ▼ | URL | Tags |
|---|---|---|
| https://medium.com/%40juliodellaflora/ghost-touch-on-xiaomi-mi5s-plus-707998308607 | x_refsource_MISC | |
| https://hackercombat.com/nfc-vulnerability-may-promote-ghost-screen-taps/ | x_refsource_MISC |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T23:32:54.710Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://medium.com/%40juliodellaflora/ghost-touch-on-xiaomi-mi5s-plus-707998308607"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://hackercombat.com/nfc-vulnerability-may-promote-ghost-screen-taps/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Xiaomi Mi 5s Plus devices allow attackers to trigger touchscreen anomalies via a radio signal between 198 kHz and 203 kHz, as demonstrated by a transmitter and antenna hidden just beneath the surface of a coffee-shop table, aka Ghost Touch."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2019-06-06T19:45:22",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://medium.com/%40juliodellaflora/ghost-touch-on-xiaomi-mi5s-plus-707998308607"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://hackercombat.com/nfc-vulnerability-may-promote-ghost-screen-taps/"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2019-12762",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Xiaomi Mi 5s Plus devices allow attackers to trigger touchscreen anomalies via a radio signal between 198 kHz and 203 kHz, as demonstrated by a transmitter and antenna hidden just beneath the surface of a coffee-shop table, aka Ghost Touch."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://medium.com/@juliodellaflora/ghost-touch-on-xiaomi-mi5s-plus-707998308607",
"refsource": "MISC",
"url": "https://medium.com/@juliodellaflora/ghost-touch-on-xiaomi-mi5s-plus-707998308607"
},
{
"name": "https://hackercombat.com/nfc-vulnerability-may-promote-ghost-screen-taps/",
"refsource": "MISC",
"url": "https://hackercombat.com/nfc-vulnerability-may-promote-ghost-screen-taps/"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2019-12762",
"datePublished": "2019-06-06T19:45:22",
"dateReserved": "2019-06-06T00:00:00",
"dateUpdated": "2024-08-04T23:32:54.710Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2015-7890
Vulnerability from cvelistv5
Published
2020-02-12 14:54
Modified
2024-08-06 08:06
Severity ?
EPSS score ?
Summary
Multiple buffer overflows in the esa_write function in /dev/seirenin the Exynos Seiren Audio driver, as used in Samsung S6 Edge, allow local users to cause a denial of service (memory corruption) via a large (1) buffer or (2) size parameter.
References
| ▼ | URL | Tags |
|---|---|---|
| http://packetstormsecurity.com/files/134106/Samsung-Seiren-Kernel-Driver-Buffer-Overflow.html | x_refsource_MISC | |
| https://code.google.com/p/google-security-research/issues/detail?id=491 | x_refsource_MISC | |
| https://www.exploit-db.com/exploits/38556/ | x_refsource_MISC |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T08:06:30.256Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://packetstormsecurity.com/files/134106/Samsung-Seiren-Kernel-Driver-Buffer-Overflow.html"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://code.google.com/p/google-security-research/issues/detail?id=491"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.exploit-db.com/exploits/38556/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2015-10-28T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Multiple buffer overflows in the esa_write function in /dev/seirenin the Exynos Seiren Audio driver, as used in Samsung S6 Edge, allow local users to cause a denial of service (memory corruption) via a large (1) buffer or (2) size parameter."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2020-02-12T14:54:18",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "http://packetstormsecurity.com/files/134106/Samsung-Seiren-Kernel-Driver-Buffer-Overflow.html"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://code.google.com/p/google-security-research/issues/detail?id=491"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.exploit-db.com/exploits/38556/"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2015-7890",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Multiple buffer overflows in the esa_write function in /dev/seirenin the Exynos Seiren Audio driver, as used in Samsung S6 Edge, allow local users to cause a denial of service (memory corruption) via a large (1) buffer or (2) size parameter."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://packetstormsecurity.com/files/134106/Samsung-Seiren-Kernel-Driver-Buffer-Overflow.html",
"refsource": "MISC",
"url": "http://packetstormsecurity.com/files/134106/Samsung-Seiren-Kernel-Driver-Buffer-Overflow.html"
},
{
"name": "https://code.google.com/p/google-security-research/issues/detail?id=491",
"refsource": "MISC",
"url": "https://code.google.com/p/google-security-research/issues/detail?id=491"
},
{
"name": "https://www.exploit-db.com/exploits/38556/",
"refsource": "MISC",
"url": "https://www.exploit-db.com/exploits/38556/"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2015-7890",
"datePublished": "2020-02-12T14:54:18",
"dateReserved": "2015-10-22T00:00:00",
"dateUpdated": "2024-08-06T08:06:30.256Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2020-35693
Vulnerability from cvelistv5
Published
2020-12-24 18:02
Modified
2024-08-04 17:09
Severity ?
EPSS score ?
Summary
On some Samsung phones and tablets running Android through 7.1.1, it is possible for an attacker-controlled Bluetooth Low Energy (BLE) device to pair silently with a vulnerable target device, without any user interaction, when the target device's Bluetooth is on, and it is running an app that offers a connectable BLE advertisement. An example of such an app could be a Bluetooth-based contact tracing app, such as Australia's COVIDSafe app, Singapore's TraceTogether app, or France's TousAntiCovid (formerly StopCovid). As part of the pairing process, two pieces (among others) of personally identifiable information are exchanged: the Identity Address of the Bluetooth adapter of the target device, and its associated Identity Resolving Key (IRK). Either one of these identifiers can be used to perform re-identification of the target device for long term tracking. The list of affected devices includes (but is not limited to): Galaxy Note 5, Galaxy S6 Edge, Galaxy A3, Tab A (2017), J2 Pro (2018), Galaxy Note 4, and Galaxy S5.
References
| ▼ | URL | Tags |
|---|---|---|
| https://github.com/alwentiu/contact-tracing-research/blob/main/samsung.pdf | x_refsource_MISC |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T17:09:14.627Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/alwentiu/contact-tracing-research/blob/main/samsung.pdf"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "On some Samsung phones and tablets running Android through 7.1.1, it is possible for an attacker-controlled Bluetooth Low Energy (BLE) device to pair silently with a vulnerable target device, without any user interaction, when the target device\u0027s Bluetooth is on, and it is running an app that offers a connectable BLE advertisement. An example of such an app could be a Bluetooth-based contact tracing app, such as Australia\u0027s COVIDSafe app, Singapore\u0027s TraceTogether app, or France\u0027s TousAntiCovid (formerly StopCovid). As part of the pairing process, two pieces (among others) of personally identifiable information are exchanged: the Identity Address of the Bluetooth adapter of the target device, and its associated Identity Resolving Key (IRK). Either one of these identifiers can be used to perform re-identification of the target device for long term tracking. The list of affected devices includes (but is not limited to): Galaxy Note 5, Galaxy S6 Edge, Galaxy A3, Tab A (2017), J2 Pro (2018), Galaxy Note 4, and Galaxy S5."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2020-12-24T18:02:08",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/alwentiu/contact-tracing-research/blob/main/samsung.pdf"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2020-35693",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "On some Samsung phones and tablets running Android through 7.1.1, it is possible for an attacker-controlled Bluetooth Low Energy (BLE) device to pair silently with a vulnerable target device, without any user interaction, when the target device\u0027s Bluetooth is on, and it is running an app that offers a connectable BLE advertisement. An example of such an app could be a Bluetooth-based contact tracing app, such as Australia\u0027s COVIDSafe app, Singapore\u0027s TraceTogether app, or France\u0027s TousAntiCovid (formerly StopCovid). As part of the pairing process, two pieces (among others) of personally identifiable information are exchanged: the Identity Address of the Bluetooth adapter of the target device, and its associated Identity Resolving Key (IRK). Either one of these identifiers can be used to perform re-identification of the target device for long term tracking. The list of affected devices includes (but is not limited to): Galaxy Note 5, Galaxy S6 Edge, Galaxy A3, Tab A (2017), J2 Pro (2018), Galaxy Note 4, and Galaxy S5."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://github.com/alwentiu/contact-tracing-research/blob/main/samsung.pdf",
"refsource": "MISC",
"url": "https://github.com/alwentiu/contact-tracing-research/blob/main/samsung.pdf"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2020-35693",
"datePublished": "2020-12-24T18:02:08",
"dateReserved": "2020-12-24T00:00:00",
"dateUpdated": "2024-08-04T17:09:14.627Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2015-7894
Vulnerability from cvelistv5
Published
2017-08-09 18:00
Modified
2024-08-06 08:06
Severity ?
EPSS score ?
Summary
The DCMProvider service in Samsung LibQjpeg on a Samsung SM-G925V device running build number LRX22G.G925VVRU1AOE2 allows remote attackers to cause a denial of service (segmentation fault and process crash) and execute arbitrary code via a crafted JPG.
References
| ▼ | URL | Tags |
|---|---|---|
| https://bugs.chromium.org/p/project-zero/issues/detail?id=495&redir=1 | x_refsource_MISC | |
| http://packetstormsecurity.com/files/134197/Samsung-LibQjpeg-Image-Decoding-Memory-Corruption.html | x_refsource_MISC | |
| http://www.securityfocus.com/bid/77423 | vdb-entry, x_refsource_BID | |
| https://www.exploit-db.com/exploits/38614/ | exploit, x_refsource_EXPLOIT-DB |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T08:06:30.274Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://bugs.chromium.org/p/project-zero/issues/detail?id=495\u0026redir=1"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://packetstormsecurity.com/files/134197/Samsung-LibQjpeg-Image-Decoding-Memory-Corruption.html"
},
{
"name": "77423",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/77423"
},
{
"name": "38614",
"tags": [
"exploit",
"x_refsource_EXPLOIT-DB",
"x_transferred"
],
"url": "https://www.exploit-db.com/exploits/38614/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2015-07-29T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "The DCMProvider service in Samsung LibQjpeg on a Samsung SM-G925V device running build number LRX22G.G925VVRU1AOE2 allows remote attackers to cause a denial of service (segmentation fault and process crash) and execute arbitrary code via a crafted JPG."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-08-09T17:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://bugs.chromium.org/p/project-zero/issues/detail?id=495\u0026redir=1"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://packetstormsecurity.com/files/134197/Samsung-LibQjpeg-Image-Decoding-Memory-Corruption.html"
},
{
"name": "77423",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/77423"
},
{
"name": "38614",
"tags": [
"exploit",
"x_refsource_EXPLOIT-DB"
],
"url": "https://www.exploit-db.com/exploits/38614/"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2015-7894",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The DCMProvider service in Samsung LibQjpeg on a Samsung SM-G925V device running build number LRX22G.G925VVRU1AOE2 allows remote attackers to cause a denial of service (segmentation fault and process crash) and execute arbitrary code via a crafted JPG."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://bugs.chromium.org/p/project-zero/issues/detail?id=495\u0026redir=1",
"refsource": "MISC",
"url": "https://bugs.chromium.org/p/project-zero/issues/detail?id=495\u0026redir=1"
},
{
"name": "http://packetstormsecurity.com/files/134197/Samsung-LibQjpeg-Image-Decoding-Memory-Corruption.html",
"refsource": "MISC",
"url": "http://packetstormsecurity.com/files/134197/Samsung-LibQjpeg-Image-Decoding-Memory-Corruption.html"
},
{
"name": "77423",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/77423"
},
{
"name": "38614",
"refsource": "EXPLOIT-DB",
"url": "https://www.exploit-db.com/exploits/38614/"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2015-7894",
"datePublished": "2017-08-09T18:00:00",
"dateReserved": "2015-10-22T00:00:00",
"dateUpdated": "2024-08-06T08:06:30.274Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2016-11038
Vulnerability from cvelistv5
Published
2020-04-07 13:17
Modified
2024-08-06 03:47
Severity ?
EPSS score ?
Summary
An issue was discovered on Samsung mobile devices with software through 2016-04-05 (incorporating the Samsung Professional Audio SDK). The Jack audio service doesn't implement access control for shared memory, leading to arbitrary code execution or privilege escalation. The Samsung ID is SVE-2016-5953 (July 2016).
References
| ▼ | URL | Tags |
|---|---|---|
| https://security.samsungmobile.com/securityUpdate.smsb | x_refsource_CONFIRM |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T03:47:34.103Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://security.samsungmobile.com/securityUpdate.smsb"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "An issue was discovered on Samsung mobile devices with software through 2016-04-05 (incorporating the Samsung Professional Audio SDK). The Jack audio service doesn\u0027t implement access control for shared memory, leading to arbitrary code execution or privilege escalation. The Samsung ID is SVE-2016-5953 (July 2016)."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2020-04-07T13:17:05",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://security.samsungmobile.com/securityUpdate.smsb"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2016-11038",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "An issue was discovered on Samsung mobile devices with software through 2016-04-05 (incorporating the Samsung Professional Audio SDK). The Jack audio service doesn\u0027t implement access control for shared memory, leading to arbitrary code execution or privilege escalation. The Samsung ID is SVE-2016-5953 (July 2016)."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://security.samsungmobile.com/securityUpdate.smsb",
"refsource": "CONFIRM",
"url": "https://security.samsungmobile.com/securityUpdate.smsb"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2016-11038",
"datePublished": "2020-04-07T13:17:05",
"dateReserved": "2020-04-07T00:00:00",
"dateUpdated": "2024-08-06T03:47:34.103Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2015-8546
Vulnerability from cvelistv5
Published
2020-04-10 18:43
Modified
2024-08-06 08:20
Severity ?
EPSS score ?
Summary
An issue was discovered on Samsung mobile devices with software through 2015-11-12, affecting the Galaxy S6/S6 Edge, Galaxy S6 Edge+, and Galaxy Note5 with the Shannon333 chipset. There is a stack-based buffer overflow in the baseband process that is exploitable for remote code execution via a fake base station. The Samsung ID is SVE-2015-5123 (December 2015).
References
| ▼ | URL | Tags |
|---|---|---|
| https://security.samsungmobile.com/securityUpdate.smsb | x_refsource_CONFIRM |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T08:20:43.329Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://security.samsungmobile.com/securityUpdate.smsb"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "An issue was discovered on Samsung mobile devices with software through 2015-11-12, affecting the Galaxy S6/S6 Edge, Galaxy S6 Edge+, and Galaxy Note5 with the Shannon333 chipset. There is a stack-based buffer overflow in the baseband process that is exploitable for remote code execution via a fake base station. The Samsung ID is SVE-2015-5123 (December 2015)."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2020-04-10T18:43:53",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://security.samsungmobile.com/securityUpdate.smsb"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2015-8546",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "An issue was discovered on Samsung mobile devices with software through 2015-11-12, affecting the Galaxy S6/S6 Edge, Galaxy S6 Edge+, and Galaxy Note5 with the Shannon333 chipset. There is a stack-based buffer overflow in the baseband process that is exploitable for remote code execution via a fake base station. The Samsung ID is SVE-2015-5123 (December 2015)."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://security.samsungmobile.com/securityUpdate.smsb",
"refsource": "CONFIRM",
"url": "https://security.samsungmobile.com/securityUpdate.smsb"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2015-8546",
"datePublished": "2020-04-10T18:43:53",
"dateReserved": "2015-12-12T00:00:00",
"dateUpdated": "2024-08-06T08:20:43.329Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2015-7888
Vulnerability from cvelistv5
Published
2017-06-07 14:00
Modified
2024-08-06 08:06
Severity ?
EPSS score ?
Summary
Directory traversal vulnerability in the WifiHs20UtilityService on the Samsung S6 Edge LRX22G.G925VVRU1AOE2 allows remote attackers to overwrite or create arbitrary files as the system-level user via a .. (dot dot) in the name of a file, compressed into a zipped file named cred.zip, and downloaded to /sdcard/Download.
References
| ▼ | URL | Tags |
|---|---|---|
| http://www.securityfocus.com/bid/77338 | vdb-entry, x_refsource_BID | |
| http://packetstormsecurity.com/files/134104/Samsung-WifiHs20UtilityService-Path-Traversal.html | x_refsource_MISC | |
| https://bugs.chromium.org/p/project-zero/issues/detail?id=489&q=samsung&redir=1 | x_refsource_MISC |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T08:06:30.215Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "77338",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/77338"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://packetstormsecurity.com/files/134104/Samsung-WifiHs20UtilityService-Path-Traversal.html"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://bugs.chromium.org/p/project-zero/issues/detail?id=489\u0026q=samsung\u0026redir=1"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2015-07-29T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Directory traversal vulnerability in the WifiHs20UtilityService on the Samsung S6 Edge LRX22G.G925VVRU1AOE2 allows remote attackers to overwrite or create arbitrary files as the system-level user via a .. (dot dot) in the name of a file, compressed into a zipped file named cred.zip, and downloaded to /sdcard/Download."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-08-15T11:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "77338",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/77338"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://packetstormsecurity.com/files/134104/Samsung-WifiHs20UtilityService-Path-Traversal.html"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://bugs.chromium.org/p/project-zero/issues/detail?id=489\u0026q=samsung\u0026redir=1"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2015-7888",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Directory traversal vulnerability in the WifiHs20UtilityService on the Samsung S6 Edge LRX22G.G925VVRU1AOE2 allows remote attackers to overwrite or create arbitrary files as the system-level user via a .. (dot dot) in the name of a file, compressed into a zipped file named cred.zip, and downloaded to /sdcard/Download."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "77338",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/77338"
},
{
"name": "http://packetstormsecurity.com/files/134104/Samsung-WifiHs20UtilityService-Path-Traversal.html",
"refsource": "MISC",
"url": "http://packetstormsecurity.com/files/134104/Samsung-WifiHs20UtilityService-Path-Traversal.html"
},
{
"name": "https://bugs.chromium.org/p/project-zero/issues/detail?id=489\u0026q=samsung\u0026redir=1",
"refsource": "MISC",
"url": "https://bugs.chromium.org/p/project-zero/issues/detail?id=489\u0026q=samsung\u0026redir=1"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2015-7888",
"datePublished": "2017-06-07T14:00:00",
"dateReserved": "2015-10-22T00:00:00",
"dateUpdated": "2024-08-06T08:06:30.215Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
Vulnerability from fkie_nvd
Published
2020-04-10 19:15
Modified
2024-11-21 02:38
Severity ?
Summary
An issue was discovered on Samsung mobile devices with software through 2015-11-12, affecting the Galaxy S6/S6 Edge, Galaxy S6 Edge+, and Galaxy Note5 with the Shannon333 chipset. There is a stack-based buffer overflow in the baseband process that is exploitable for remote code execution via a fake base station. The Samsung ID is SVE-2015-5123 (December 2015).
References
| ▼ | URL | Tags | |
|---|---|---|---|
| cve@mitre.org | https://security.samsungmobile.com/securityUpdate.smsb | Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://security.samsungmobile.com/securityUpdate.smsb | Vendor Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| android | - | ||
| samsung | galaxy_note5 | - | |
| samsung | galaxy_s6 | - | |
| samsung | galaxy_s6_edge | - | |
| samsung | galaxy_s6_edge\+ | - |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:google:android:-:*:*:*:*:*:*:*",
"matchCriteriaId": "F8B9FEC8-73B6-43B8-B24E-1F7C20D91D26",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:samsung:galaxy_note5:-:*:*:*:*:*:*:*",
"matchCriteriaId": "79782A44-3935-4F07-ACEC-F7701D76EA05",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:samsung:galaxy_s6:-:*:*:*:*:*:*:*",
"matchCriteriaId": "E9C84354-75A3-4E55-A2D0-C0783AF36B37",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:samsung:galaxy_s6_edge:-:*:*:*:*:*:*:*",
"matchCriteriaId": "64C60E27-871F-4B77-87A5-9F9F20DCA2D3",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:samsung:galaxy_s6_edge\\+:-:*:*:*:*:*:*:*",
"matchCriteriaId": "6E10E1BF-BFA5-4080-BBFB-4922C40D7066",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "An issue was discovered on Samsung mobile devices with software through 2015-11-12, affecting the Galaxy S6/S6 Edge, Galaxy S6 Edge+, and Galaxy Note5 with the Shannon333 chipset. There is a stack-based buffer overflow in the baseband process that is exploitable for remote code execution via a fake base station. The Samsung ID is SVE-2015-5123 (December 2015)."
},
{
"lang": "es",
"value": "Se detect\u00f3 un problema en dispositivos m\u00f3viles Samsung con versiones de software hasta el 12-11-2015, afectando a Galaxy S6/S6 Edge, Galaxy S6 Edge+ y Galaxy Note5 con el chipset Shannon333. Se presenta un desbordamiento de b\u00fafer en la regi\u00f3n stack de la memoria en el proceso baseband que es explotable para una ejecuci\u00f3n de c\u00f3digo remota por medio de una estaci\u00f3n base falsa. El ID de Samsung es SVE-2015-5123 (Diciembre de 2015)."
}
],
"id": "CVE-2015-8546",
"lastModified": "2024-11-21T02:38:42.153",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "COMPLETE",
"baseScore": 10.0,
"confidentialityImpact": "COMPLETE",
"integrityImpact": "COMPLETE",
"vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 10.0,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2020-04-10T19:15:12.367",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "https://security.samsungmobile.com/securityUpdate.smsb"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://security.samsungmobile.com/securityUpdate.smsb"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-787"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2020-02-12 15:15
Modified
2024-11-21 02:37
Severity ?
Summary
Multiple buffer overflows in the esa_write function in /dev/seirenin the Exynos Seiren Audio driver, as used in Samsung S6 Edge, allow local users to cause a denial of service (memory corruption) via a large (1) buffer or (2) size parameter.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| cve@mitre.org | http://packetstormsecurity.com/files/134106/Samsung-Seiren-Kernel-Driver-Buffer-Overflow.html | Third Party Advisory, VDB Entry | |
| cve@mitre.org | https://code.google.com/p/google-security-research/issues/detail?id=491 | Mailing List, Third Party Advisory | |
| cve@mitre.org | https://www.exploit-db.com/exploits/38556/ | Exploit, Third Party Advisory, VDB Entry | |
| af854a3a-2127-422b-91ae-364da2661108 | http://packetstormsecurity.com/files/134106/Samsung-Seiren-Kernel-Driver-Buffer-Overflow.html | Third Party Advisory, VDB Entry | |
| af854a3a-2127-422b-91ae-364da2661108 | https://code.google.com/p/google-security-research/issues/detail?id=491 | Mailing List, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://www.exploit-db.com/exploits/38556/ | Exploit, Third Party Advisory, VDB Entry |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| samsung | galaxy_s6_edge_firmware | - | |
| samsung | galaxy_s6_edge | - |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:samsung:galaxy_s6_edge_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "B7D8A184-3F01-49A1-98BE-B735296383B1",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:samsung:galaxy_s6_edge:-:*:*:*:*:*:*:*",
"matchCriteriaId": "64C60E27-871F-4B77-87A5-9F9F20DCA2D3",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Multiple buffer overflows in the esa_write function in /dev/seirenin the Exynos Seiren Audio driver, as used in Samsung S6 Edge, allow local users to cause a denial of service (memory corruption) via a large (1) buffer or (2) size parameter."
},
{
"lang": "es",
"value": "M\u00faltiples desbordamientos de b\u00fafer en la funci\u00f3n esa_write en el archivo /dev/seirenin en el controlador Exynos Seiren Audio, como es usado en Samsung S6 Edge, permiten a usuarios locales causar una denegaci\u00f3n de servicio (corrupci\u00f3n de memoria) por medio de un par\u00e1metro (1) buffer o (2) size de gran tama\u00f1o"
}
],
"id": "CVE-2015-7890",
"lastModified": "2024-11-21T02:37:36.820",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "LOCAL",
"authentication": "NONE",
"availabilityImpact": "COMPLETE",
"baseScore": 4.9,
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"vectorString": "AV:L/AC:L/Au:N/C:N/I:N/A:C",
"version": "2.0"
},
"exploitabilityScore": 3.9,
"impactScore": 6.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"exploitabilityScore": 1.8,
"impactScore": 3.6,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2020-02-12T15:15:11.820",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://packetstormsecurity.com/files/134106/Samsung-Seiren-Kernel-Driver-Buffer-Overflow.html"
},
{
"source": "cve@mitre.org",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "https://code.google.com/p/google-security-research/issues/detail?id=491"
},
{
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Third Party Advisory",
"VDB Entry"
],
"url": "https://www.exploit-db.com/exploits/38556/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://packetstormsecurity.com/files/134106/Samsung-Seiren-Kernel-Driver-Buffer-Overflow.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "https://code.google.com/p/google-security-research/issues/detail?id=491"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit",
"Third Party Advisory",
"VDB Entry"
],
"url": "https://www.exploit-db.com/exploits/38556/"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-120"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2017-08-09 18:29
Modified
2024-11-21 02:37
Severity ?
Summary
The DCMProvider service in Samsung LibQjpeg on a Samsung SM-G925V device running build number LRX22G.G925VVRU1AOE2 allows remote attackers to cause a denial of service (segmentation fault and process crash) and execute arbitrary code via a crafted JPG.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| samsung | galaxy_s6_edge_firmware | lrx22g.g925vvru1aoe2 | |
| samsung | galaxy_s6_edge | - |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:samsung:galaxy_s6_edge_firmware:lrx22g.g925vvru1aoe2:*:*:*:*:*:*:*",
"matchCriteriaId": "2CBEE24C-CFF2-4B00-8400-AB3EE4765EDE",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:samsung:galaxy_s6_edge:-:*:*:*:*:*:*:*",
"matchCriteriaId": "64C60E27-871F-4B77-87A5-9F9F20DCA2D3",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "The DCMProvider service in Samsung LibQjpeg on a Samsung SM-G925V device running build number LRX22G.G925VVRU1AOE2 allows remote attackers to cause a denial of service (segmentation fault and process crash) and execute arbitrary code via a crafted JPG."
},
{
"lang": "es",
"value": "El servicio DCMProvider en Samsung LibQjpeg en un dispositivo Samsung SM-G925V ejecutando la versi\u00f3n n\u00famero LRX22G.G925VVRU1AOE2 permite que atacantes remotos provoquen una denegaci\u00f3n de servicio (fallo de segmentaci\u00f3n y bloqueo del proceso) y ejecuten c\u00f3digo arbitrario mediante un archivo JPG manipulado."
}
],
"id": "CVE-2015-7894",
"lastModified": "2024-11-21T02:37:37.373",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 6.8,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
],
"cvssMetricV30": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"exploitabilityScore": 2.8,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2017-08-09T18:29:01.340",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Broken Link",
"Third Party Advisory",
"VDB Entry"
],
"url": "http://packetstormsecurity.com/files/134197/Samsung-LibQjpeg-Image-Decoding-Memory-Corruption.html"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securityfocus.com/bid/77423"
},
{
"source": "cve@mitre.org",
"tags": [
"Issue Tracking",
"Third Party Advisory",
"VDB Entry"
],
"url": "https://bugs.chromium.org/p/project-zero/issues/detail?id=495\u0026redir=1"
},
{
"source": "cve@mitre.org",
"tags": [
"Broken Link",
"Third Party Advisory",
"VDB Entry"
],
"url": "https://www.exploit-db.com/exploits/38614/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Broken Link",
"Third Party Advisory",
"VDB Entry"
],
"url": "http://packetstormsecurity.com/files/134197/Samsung-LibQjpeg-Image-Decoding-Memory-Corruption.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securityfocus.com/bid/77423"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Issue Tracking",
"Third Party Advisory",
"VDB Entry"
],
"url": "https://bugs.chromium.org/p/project-zero/issues/detail?id=495\u0026redir=1"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Broken Link",
"Third Party Advisory",
"VDB Entry"
],
"url": "https://www.exploit-db.com/exploits/38614/"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-119"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2019-06-06 20:29
Modified
2024-11-21 04:23
Severity ?
Summary
Xiaomi Mi 5s Plus devices allow attackers to trigger touchscreen anomalies via a radio signal between 198 kHz and 203 kHz, as demonstrated by a transmitter and antenna hidden just beneath the surface of a coffee-shop table, aka Ghost Touch.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| mi | mi_5s_plus_firmware | - | |
| mi | mi_5s_plus | - | |
| sony | xperia_z4_firmware | - | |
| sony | xperia_z4 | - | |
| samsung | galaxy_s6_edge_firmware | - | |
| samsung | galaxy_s6_edge | - | |
| samsung | galaxy_s4_firmware | - | |
| samsung | galaxy_s4 | - | |
| nexus_7_firmware | - | ||
| nexus_7 | - | ||
| nexus_9_firmware | - | ||
| nexus_9 | - | ||
| sharp | aquos_zeta_sh-04f_firmware | - | |
| sharp | aquos_zeta_sh-04f | - | |
| fujitsu | arrows_nx_f05-f_firmware | - | |
| fujitsu | arrows_nx_f05-f | - |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:mi:mi_5s_plus_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "F0D0C125-DF98-4616-9957-16F9F4A37DFA",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:mi:mi_5s_plus:-:*:*:*:*:*:*:*",
"matchCriteriaId": "C2C8D05B-B851-41BD-A0C7-ED4B47A4CAA1",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:sony:xperia_z4_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "2BE6C7CA-1A0A-46D1-8807-476E8014F5C0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:sony:xperia_z4:-:*:*:*:*:*:*:*",
"matchCriteriaId": "AB52A381-4094-483C-BC6F-01E81BB2D3C3",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:samsung:galaxy_s6_edge_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "B7D8A184-3F01-49A1-98BE-B735296383B1",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:samsung:galaxy_s6_edge:-:*:*:*:*:*:*:*",
"matchCriteriaId": "64C60E27-871F-4B77-87A5-9F9F20DCA2D3",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:samsung:galaxy_s4_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "5612A23E-43B3-4B13-89C1-6178C1737DAB",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:samsung:galaxy_s4:-:*:*:*:*:*:*:*",
"matchCriteriaId": "717D895C-E64D-4E0E-9F4A-9B191E6388B6",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:google:nexus_7_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "183D2632-2F2A-4B17-9617-92509C31B702",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:google:nexus_7:-:*:*:*:*:*:*:*",
"matchCriteriaId": "12357E84-6FAE-4C6B-8FD3-BD5457DBBBCE",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:google:nexus_9_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "852FB43E-072C-4C96-ABEF-6F15E4F3C0F3",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:google:nexus_9:-:*:*:*:*:*:*:*",
"matchCriteriaId": "1018566D-5DBE-44BD-BA05-1F6A6375C32F",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:sharp:aquos_zeta_sh-04f_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "16E64A2E-16CB-4301-8A7C-F3765EF2B7BE",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:sharp:aquos_zeta_sh-04f:-:*:*:*:*:*:*:*",
"matchCriteriaId": "2D5DC700-E8CB-4A19-B704-5384ED7D3697",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:fujitsu:arrows_nx_f05-f_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "5CDA25A7-839A-4870-8DE6-D2B0D2405F37",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:fujitsu:arrows_nx_f05-f:-:*:*:*:*:*:*:*",
"matchCriteriaId": "99C8B1DE-1EA8-405F-9D4E-5F6D96F4B6D4",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Xiaomi Mi 5s Plus devices allow attackers to trigger touchscreen anomalies via a radio signal between 198 kHz and 203 kHz, as demonstrated by a transmitter and antenna hidden just beneath the surface of a coffee-shop table, aka Ghost Touch."
},
{
"lang": "es",
"value": "Los dispositivos Xiaomi Mi 5s Plus permiten a los atacantes desencadenar anomal\u00edas de la pantalla t\u00e1ctil a trav\u00e9s de una se\u00f1al de radio entre 198 kHz y 203 kHz, como lo demuestra un transmisor y una antena ocultos justo debajo de la superficie de una mesa de cafeter\u00eda, tambi\u00e9n conocida como Ghost Touch."
}
],
"id": "CVE-2019-12762",
"lastModified": "2024-11-21T04:23:31.383",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "LOW",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "LOCAL",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 1.9,
"confidentialityImpact": "NONE",
"integrityImpact": "PARTIAL",
"vectorString": "AV:L/AC:M/Au:N/C:N/I:P/A:N",
"version": "2.0"
},
"exploitabilityScore": 3.4,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "HIGH",
"attackVector": "PHYSICAL",
"availabilityImpact": "NONE",
"baseScore": 4.2,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:P/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N",
"version": "3.1"
},
"exploitabilityScore": 0.5,
"impactScore": 3.6,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2019-06-06T20:29:02.807",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
],
"url": "https://hackercombat.com/nfc-vulnerability-may-promote-ghost-screen-taps/"
},
{
"source": "cve@mitre.org",
"url": "https://medium.com/%40juliodellaflora/ghost-touch-on-xiaomi-mi5s-plus-707998308607"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://hackercombat.com/nfc-vulnerability-may-promote-ghost-screen-taps/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://medium.com/%40juliodellaflora/ghost-touch-on-xiaomi-mi5s-plus-707998308607"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2017-06-07 14:29
Modified
2024-11-21 02:37
Severity ?
Summary
Directory traversal vulnerability in the WifiHs20UtilityService on the Samsung S6 Edge LRX22G.G925VVRU1AOE2 allows remote attackers to overwrite or create arbitrary files as the system-level user via a .. (dot dot) in the name of a file, compressed into a zipped file named cred.zip, and downloaded to /sdcard/Download.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| cve@mitre.org | http://packetstormsecurity.com/files/134104/Samsung-WifiHs20UtilityService-Path-Traversal.html | Third Party Advisory | |
| cve@mitre.org | http://www.securityfocus.com/bid/77338 | Third Party Advisory, VDB Entry | |
| cve@mitre.org | https://bugs.chromium.org/p/project-zero/issues/detail?id=489&q=samsung&redir=1 | Issue Tracking, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://packetstormsecurity.com/files/134104/Samsung-WifiHs20UtilityService-Path-Traversal.html | Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.securityfocus.com/bid/77338 | Third Party Advisory, VDB Entry | |
| af854a3a-2127-422b-91ae-364da2661108 | https://bugs.chromium.org/p/project-zero/issues/detail?id=489&q=samsung&redir=1 | Issue Tracking, Third Party Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| samsung | galaxy_s6_edge_firmware | g925vvru1aoe2 | |
| samsung | galaxy_s6_edge | - |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:samsung:galaxy_s6_edge_firmware:g925vvru1aoe2:*:*:*:*:*:*:*",
"matchCriteriaId": "54149730-A95F-4F6F-8EE6-D74A08359347",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:samsung:galaxy_s6_edge:-:*:*:*:*:*:*:*",
"matchCriteriaId": "64C60E27-871F-4B77-87A5-9F9F20DCA2D3",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Directory traversal vulnerability in the WifiHs20UtilityService on the Samsung S6 Edge LRX22G.G925VVRU1AOE2 allows remote attackers to overwrite or create arbitrary files as the system-level user via a .. (dot dot) in the name of a file, compressed into a zipped file named cred.zip, and downloaded to /sdcard/Download."
},
{
"lang": "es",
"value": "Vulnerabilidad de salto de directorio en WifiHs20UtilityService en el Samsung S6 Edge LRX22G.G925VVRU1AOE2, permite a atacantes remotos sobrescribir o crear archivos arbitrarios como un usuario a nivel de sistema a trav\u00e9s de .. (punto punto) en un archivo comprimido en Cred.zip, y descargado en /sdcard/Download."
}
],
"id": "CVE-2015-7888",
"lastModified": "2024-11-21T02:37:36.520",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 7.8,
"confidentialityImpact": "NONE",
"integrityImpact": "COMPLETE",
"vectorString": "AV:N/AC:L/Au:N/C:N/I:C/A:N",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 6.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV30": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N",
"version": "3.0"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2017-06-07T14:29:00.353",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
],
"url": "http://packetstormsecurity.com/files/134104/Samsung-WifiHs20UtilityService-Path-Traversal.html"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securityfocus.com/bid/77338"
},
{
"source": "cve@mitre.org",
"tags": [
"Issue Tracking",
"Third Party Advisory"
],
"url": "https://bugs.chromium.org/p/project-zero/issues/detail?id=489\u0026q=samsung\u0026redir=1"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "http://packetstormsecurity.com/files/134104/Samsung-WifiHs20UtilityService-Path-Traversal.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securityfocus.com/bid/77338"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Issue Tracking",
"Third Party Advisory"
],
"url": "https://bugs.chromium.org/p/project-zero/issues/detail?id=489\u0026q=samsung\u0026redir=1"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-22"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2020-04-07 14:15
Modified
2024-11-21 02:45
Severity ?
Summary
An issue was discovered on Samsung mobile devices with software through 2016-04-05 (incorporating the Samsung Professional Audio SDK). The Jack audio service doesn't implement access control for shared memory, leading to arbitrary code execution or privilege escalation. The Samsung ID is SVE-2016-5953 (July 2016).
References
| ▼ | URL | Tags | |
|---|---|---|---|
| cve@mitre.org | https://security.samsungmobile.com/securityUpdate.smsb | Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://security.samsungmobile.com/securityUpdate.smsb | Vendor Advisory |
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:google:android:-:*:*:*:*:*:*:*",
"matchCriteriaId": "F8B9FEC8-73B6-43B8-B24E-1F7C20D91D26",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:samsung:galaxy_note_3:-:*:*:*:*:*:*:*",
"matchCriteriaId": "B148CE20-A498-4F1E-9C2D-C38F9F15292D",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:google:android:-:*:*:*:*:*:*:*",
"matchCriteriaId": "F8B9FEC8-73B6-43B8-B24E-1F7C20D91D26",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:samsung:galaxy_note_4:-:*:*:*:*:*:*:*",
"matchCriteriaId": "65AD2209-F89B-4CF2-BFA6-710D4E8A965A",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:google:android:-:*:*:*:*:*:*:*",
"matchCriteriaId": "F8B9FEC8-73B6-43B8-B24E-1F7C20D91D26",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:samsung:galaxy_note_edge:-:*:*:*:*:*:*:*",
"matchCriteriaId": "8C58E9E1-08A0-4EA8-8EDE-CD7836A7289D",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:google:android:-:*:*:*:*:*:*:*",
"matchCriteriaId": "F8B9FEC8-73B6-43B8-B24E-1F7C20D91D26",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:samsung:galaxy_s5:-:*:*:*:*:*:*:*",
"matchCriteriaId": "7060E1BD-9FFF-4D74-A2EE-20ABB447EA23",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:google:android:-:*:*:*:*:*:*:*",
"matchCriteriaId": "F8B9FEC8-73B6-43B8-B24E-1F7C20D91D26",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:samsung:galaxy_s6:-:*:*:*:*:*:*:*",
"matchCriteriaId": "E9C84354-75A3-4E55-A2D0-C0783AF36B37",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:google:android:-:*:*:*:*:*:*:*",
"matchCriteriaId": "F8B9FEC8-73B6-43B8-B24E-1F7C20D91D26",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:samsung:galaxy_s6_edge:-:*:*:*:*:*:*:*",
"matchCriteriaId": "64C60E27-871F-4B77-87A5-9F9F20DCA2D3",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "An issue was discovered on Samsung mobile devices with software through 2016-04-05 (incorporating the Samsung Professional Audio SDK). The Jack audio service doesn\u0027t implement access control for shared memory, leading to arbitrary code execution or privilege escalation. The Samsung ID is SVE-2016-5953 (July 2016)."
},
{
"lang": "es",
"value": "Se detect\u00f3 un problema en dispositivos m\u00f3viles Samsung con versiones de software hasta el 05-04-2019 (incorporando el Samsung Professional Audio SDK). El servicio de audio Jack no implementa el control de acceso para la memoria compartida, conllevando a una ejecuci\u00f3n de c\u00f3digo arbitraria o una escalada de privilegios. El ID de Samsung es SVE-2016-5953 (Julio de 2016)."
}
],
"id": "CVE-2016-11038",
"lastModified": "2024-11-21T02:45:21.337",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2020-04-07T14:15:13.497",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "https://security.samsungmobile.com/securityUpdate.smsb"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://security.samsungmobile.com/securityUpdate.smsb"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-119"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2017-12-28 02:29
Modified
2024-11-21 02:37
Severity ?
Summary
The SecEmailComposer/EmailComposer application in the Samsung S6 Edge before the October 2015 MR uses weak permissions for the com.samsung.android.email.intent.action.QUICK_REPLY_BACKGROUND service action, which might allow remote attackers with knowledge of the local email address to obtain sensitive information via a crafted application that sends a crafted intent.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| android | * | ||
| samsung | galaxy_s6_edge | - |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:google:android:*:*:*:*:*:*:*:*",
"matchCriteriaId": "B349128A-CD08-4B2B-975B-650831183DBE",
"versionEndIncluding": "5.1.1",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:samsung:galaxy_s6_edge:-:*:*:*:*:*:*:*",
"matchCriteriaId": "64C60E27-871F-4B77-87A5-9F9F20DCA2D3",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "The SecEmailComposer/EmailComposer application in the Samsung S6 Edge before the October 2015 MR uses weak permissions for the com.samsung.android.email.intent.action.QUICK_REPLY_BACKGROUND service action, which might allow remote attackers with knowledge of the local email address to obtain sensitive information via a crafted application that sends a crafted intent."
},
{
"lang": "es",
"value": "La aplicaci\u00f3n SecEmailComposer/EmailComposer en Samsung S6 Edge, en versiones anteriores a la October 2015 MR, utiliza permisos d\u00e9biles para la acci\u00f3n de servicio com.samsung.android.email.intent.action.QUICK_REPLY_BACKGROUND. Esto puede permitir que atacantes remotos que conozcan la direcci\u00f3n de email local obtengan informaci\u00f3n sensible mediante una aplicaci\u00f3n manipulada que env\u00ede un intent manipulado."
}
],
"id": "CVE-2015-7889",
"lastModified": "2024-11-21T02:37:36.657",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:M/Au:N/C:P/I:N/A:N",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
],
"cvssMetricV30": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "NONE",
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N",
"version": "3.0"
},
"exploitabilityScore": 1.8,
"impactScore": 3.6,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2017-12-28T02:29:03.377",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://packetstormsecurity.com/files/134105/Samsung-SecEmailComposer-QUICK_REPLY_BACKGROUND-Permission-Weakness.html"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securityfocus.com/bid/77339"
},
{
"source": "cve@mitre.org",
"tags": [
"Issue Tracking",
"Third Party Advisory"
],
"url": "https://bugs.chromium.org/p/project-zero/issues/detail?id=490\u0026redir=1"
},
{
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Third Party Advisory",
"VDB Entry"
],
"url": "https://www.exploit-db.com/exploits/38558/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://packetstormsecurity.com/files/134105/Samsung-SecEmailComposer-QUICK_REPLY_BACKGROUND-Permission-Weakness.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securityfocus.com/bid/77339"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Issue Tracking",
"Third Party Advisory"
],
"url": "https://bugs.chromium.org/p/project-zero/issues/detail?id=490\u0026redir=1"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit",
"Third Party Advisory",
"VDB Entry"
],
"url": "https://www.exploit-db.com/exploits/38558/"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-275"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2020-12-24 18:15
Modified
2024-11-21 05:27
Severity ?
Summary
On some Samsung phones and tablets running Android through 7.1.1, it is possible for an attacker-controlled Bluetooth Low Energy (BLE) device to pair silently with a vulnerable target device, without any user interaction, when the target device's Bluetooth is on, and it is running an app that offers a connectable BLE advertisement. An example of such an app could be a Bluetooth-based contact tracing app, such as Australia's COVIDSafe app, Singapore's TraceTogether app, or France's TousAntiCovid (formerly StopCovid). As part of the pairing process, two pieces (among others) of personally identifiable information are exchanged: the Identity Address of the Bluetooth adapter of the target device, and its associated Identity Resolving Key (IRK). Either one of these identifiers can be used to perform re-identification of the target device for long term tracking. The list of affected devices includes (but is not limited to): Galaxy Note 5, Galaxy S6 Edge, Galaxy A3, Tab A (2017), J2 Pro (2018), Galaxy Note 4, and Galaxy S5.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| cve@mitre.org | https://github.com/alwentiu/contact-tracing-research/blob/main/samsung.pdf | Exploit, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://github.com/alwentiu/contact-tracing-research/blob/main/samsung.pdf | Exploit, Third Party Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| android | * | ||
| samsung | galaxy_a3 | - | |
| samsung | galaxy_note_4 | - | |
| samsung | galaxy_note_5 | - | |
| samsung | galaxy_s5 | - | |
| samsung | galaxy_s6_edge | - | |
| samsung | j2_pro_\(2018\) | - | |
| samsung | tab_a_\(2017\) | - |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:google:android:*:*:*:*:*:*:*:*",
"matchCriteriaId": "0F11609D-D1B4-4DD6-8CC7-A224344E1E67",
"versionEndIncluding": "7.1.1",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:samsung:galaxy_a3:-:*:*:*:*:*:*:*",
"matchCriteriaId": "5308BFAD-9643-445A-9775-50714E0EF6CE",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:samsung:galaxy_note_4:-:*:*:*:*:*:*:*",
"matchCriteriaId": "65AD2209-F89B-4CF2-BFA6-710D4E8A965A",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:samsung:galaxy_note_5:-:*:*:*:*:*:*:*",
"matchCriteriaId": "C6A65FDE-445C-4AD2-AE13-9132127C5A0C",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:samsung:galaxy_s5:-:*:*:*:*:*:*:*",
"matchCriteriaId": "7060E1BD-9FFF-4D74-A2EE-20ABB447EA23",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:samsung:galaxy_s6_edge:-:*:*:*:*:*:*:*",
"matchCriteriaId": "64C60E27-871F-4B77-87A5-9F9F20DCA2D3",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:samsung:j2_pro_\\(2018\\):-:*:*:*:*:*:*:*",
"matchCriteriaId": "D5F6330C-EA78-4A2E-9912-35354FCE4EAE",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:samsung:tab_a_\\(2017\\):-:*:*:*:*:*:*:*",
"matchCriteriaId": "AF9F7BAE-825D-41B0-B9BA-3BAC4579E6ED",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "On some Samsung phones and tablets running Android through 7.1.1, it is possible for an attacker-controlled Bluetooth Low Energy (BLE) device to pair silently with a vulnerable target device, without any user interaction, when the target device\u0027s Bluetooth is on, and it is running an app that offers a connectable BLE advertisement. An example of such an app could be a Bluetooth-based contact tracing app, such as Australia\u0027s COVIDSafe app, Singapore\u0027s TraceTogether app, or France\u0027s TousAntiCovid (formerly StopCovid). As part of the pairing process, two pieces (among others) of personally identifiable information are exchanged: the Identity Address of the Bluetooth adapter of the target device, and its associated Identity Resolving Key (IRK). Either one of these identifiers can be used to perform re-identification of the target device for long term tracking. The list of affected devices includes (but is not limited to): Galaxy Note 5, Galaxy S6 Edge, Galaxy A3, Tab A (2017), J2 Pro (2018), Galaxy Note 4, and Galaxy S5."
},
{
"lang": "es",
"value": "En algunos tel\u00e9fonos y tabletas de Samsung que ejecutan Android versiones hasta 7.1.1, es posible que un dispositivo Bluetooth Low Energy (BLE) controlado por un atacante se empareje silenciosamente con un dispositivo objetivo vulnerable, sin ninguna interacci\u00f3n del usuario, cuando el Bluetooth del dispositivo objetivo es activado. y lo ejecuta una aplicaci\u00f3n que ofrece un anuncio BLE conectable.\u0026#xa0;Un ejemplo de una aplicaci\u00f3n de este tipo podr\u00eda ser una aplicaci\u00f3n de rastreo de contactos basada en Bluetooth, como la aplicaci\u00f3n COVIDSafe de Australia, la aplicaci\u00f3n TraceTogether de Singapur o TousAntiCovid de Francia (anteriormente StopCovid).\u0026#xa0;Como parte del proceso de emparejamiento, se intercambian dos piezas (entre otras) de informaci\u00f3n de identificaci\u00f3n personal: la direcci\u00f3n de identidad del adaptador Bluetooth del dispositivo de destino y su clave de resoluci\u00f3n de identidad (IRK) asociada.\u0026#xa0;Cualquiera de estos identificadores se puede utilizar para llevar a cabo una reidentificaci\u00f3n del dispositivo objetivo para un rastreo a largo plazo.\u0026#xa0;La lista de dispositivos afectados incluye (pero no se limita a): Galaxy Note 5, Galaxy S6 Edge, Galaxy A3, Tab A (2017), J2 Pro (2018), Galaxy Note 4 y Galaxy S5"
}
],
"id": "CVE-2020-35693",
"lastModified": "2024-11-21T05:27:51.537",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "ADJACENT_NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 5.4,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:A/AC:M/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 5.5,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "ADJACENT_NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 2.8,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2020-12-24T18:15:12.640",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Third Party Advisory"
],
"url": "https://github.com/alwentiu/contact-tracing-research/blob/main/samsung.pdf"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit",
"Third Party Advisory"
],
"url": "https://github.com/alwentiu/contact-tracing-research/blob/main/samsung.pdf"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}